“Catch Me If You Can: 2024 Trends in Email Threats and Evasion Techniques”
Location: 177 Huntington Ave, conference room 503
Abstract:
In the modern digital era, email stands as an indispensable tool for communication, making its security critically important. This talk will begin by presenting key statistics that highlight the importance of email security. These statistics will underscore the pervasive nature of email and the necessity of robust security measures.
The presentation will then delve into the main types of email threats, including phishing, Business Email Compromise (BEC), Vendor Email Compromise (VEC), scams, spam, and malicious spam (malspam), providing a comprehensive overview of each threat type.
Following this, the most significant email threat trends of 2024 will be examined, identifying emerging patterns and new tactics employed by threat actors. The discussion will then explore the sophisticated and tricky evasion techniques used by attackers in 2024 to bypass spam filters and detection engines.
Finally, the challenges faced in email threat detection will be addressed, discussing the limitations of current security measures and the ongoing battle to stay ahead of evolving threats. This talk aims to equip attendees with a deeper understanding of the email threat landscape and the complexities of defending against these ever-evolving threats.
Bio: Omid Mirzaei is a Security Research Lead in the Email Threat Research team at Cisco Talos. He holds a PhD in Computer Security from University Carlos III of Madrid (UC3M), where he specialized in Android application triage, malware detection, and characterization. He furthered his research at Northeastern University’s Systems Security Lab, focusing on detecting code reuse in advanced Windows malware. He has served on the technical program committees of top security conferences and has presented at venues such as OWASP and BSides SF.
Faculty host: Engin Kirda